Major Data Breach Hits Pennsylvania Attorney General’s Office
The Pennsylvania Office of the Attorney General confirmed a serious data security incident after a ransomware attack disrupted its operations in August 2025. The attackers encrypted internal systems in an effort to extort payment, but the agency states it did not give in to the ransom demand.
Investigators are now working to determine what was compromised. According to the notice from the Attorney General’s Office, personal information such as names, Social Security numbers, and in some cases medical records may have been accessed without authorization.
The ransomware group INC has claimed responsibility and asserted it exfiltrated 5.7 terabytes of data. The potential scope of the breach is massive, and it strikes at a critical public institution.
The attack also caused major operational issues: internal email, the public website, and phone lines were knocked offline, and many of the Attorney General’s 1,200 staff had to resort to alternate communication methods. Courts even paused civil cases involving the AG’s office because attorneys lost access to litigation data, hindering their ability to move forward.
In response, the Attorney General’s Office said it has launched a full investigation, is working with cybersecurity experts, and has notified affected individuals where possible. PR Newswire A dedicated call center has been set up for people with concerns, and the FBI is assisting in the probe.
This breach is a stark reminder of the growing risk that ransomware poses to public institutions — especially when extremely sensitive personal data is at stake.